Automated synchronized domain wide transient policy
First Claim
Patent Images
1. A method comprising:
- at a plurality of network switching and routing devices in a network domain, receiving a domain wide policy configured to control a flow of network traffic through each of the plurality of network switching and routing devices;
implementing the domain wide policy; and
removing the domain wide policy, in accordance with one or more parameters specifying that the domain wide policy is to be removed, such that the domain wide policy is removed in a synchronized manner, based on a domain clock, from each one of the network switching and routing devices in the plurality of network switching and routing devices in the network domain,wherein the domain wide policy is removed by placing the domain wide policy in an idle state on each one of the plurality of network switching and routing devices in the network domain and wherein the domain wide policy is reengaged upon request,wherein the one or more parameters comprises an indicator stored at a location to which a pointer stored on specific ones of the network switching and routing devices point, such that when an indication in the location indicates removal of the domain wide policy on the administrative device, removal of the domain wide policy at each device of the plurality of network switching and routing devices is automatically triggered.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are provided for, at an administrative device in a network domain, monitoring a network traffic flow parameter to determine whether a presently applied domain wide policy configured to control a network traffic flow should be removed. In response to determining that the domain wide policy should be removed, a command is generated which causes removal of the domain wide policy at each one of the plurality of network devices, and the command is sent to each one of the plurality of network devices to cause the domain wide policy to be removed at substantially the same time at each network device. Alternatively, the domain wide policy can be automatically removed by the expiry of a timer or in accordance with a timestamp so that the policy is revoked across the network domain without a need for an explicit network wide control message instructing removal of the policy.
-
Citations
10 Claims
-
1. A method comprising:
-
at a plurality of network switching and routing devices in a network domain, receiving a domain wide policy configured to control a flow of network traffic through each of the plurality of network switching and routing devices; implementing the domain wide policy; and removing the domain wide policy, in accordance with one or more parameters specifying that the domain wide policy is to be removed, such that the domain wide policy is removed in a synchronized manner, based on a domain clock, from each one of the network switching and routing devices in the plurality of network switching and routing devices in the network domain, wherein the domain wide policy is removed by placing the domain wide policy in an idle state on each one of the plurality of network switching and routing devices in the network domain and wherein the domain wide policy is reengaged upon request, wherein the one or more parameters comprises an indicator stored at a location to which a pointer stored on specific ones of the network switching and routing devices point, such that when an indication in the location indicates removal of the domain wide policy on the administrative device, removal of the domain wide policy at each device of the plurality of network switching and routing devices is automatically triggered. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising:
-
a plurality of network switching and routing devices in a network domain, wherein each network device comprises; a network interface unit configured to send and receive communications over a network; memory configured to store one or more network policies or parameters associated with network traffic flow; and one or more processors coupled to the network interface unit, and configured to; receive a domain wide policy configured to control a flow of network traffic through each of the plurality of network switching and routing devices at a plurality of network switching and routing devices in a network domain; implement the domain wide policy; and remove the domain wide policy, in accordance with one or more parameters specifying that the domain wide policy is to be removed, such that the domain wide policy is removed in a synchronized manner, based on a domain clock, from each one of the network switching and routing devices in the plurality of network switching and routing devices in the network domain, wherein the domain wide policy is removed by placing the domain wide policy in an idle state on each one of the plurality of network switching and routing devices in the network domain and wherein the domain wide policy is reengaged upon request, and wherein the one or more parameters comprises an indicator stored at a location to which a pointer stored on the plurality of network switching and routing devices point, and wherein the processor is configured to remove the domain wide policy at each device of the plurality of network switching and routing devices automatically, when an indication in the location indicates removal of the domain wide policy on the administrative device. - View Dependent Claims (7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
InventorsVoit, Eric A.
-
Primary Examiner(s)Rashid, Harunur
-
Assistant Examiner(s)Huang, Cheng-Feng
-
Application NumberUS14/254,492Publication NumberTime in Patent Office1,182 DaysField of SearchUS Class CurrentCPC Class CodesH04L 63/20 for managing network securi...
